- 08 Feb, 2017 8 commits
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2550)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add SSL_kANY and SSL_aANY contants for TLS 1.3 ciphersuites. Return appropriate text strings when they are used. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2569)
-
- 07 Feb, 2017 3 commits
-
-
Peter Wu authored
The server and client demos (s_client and s_server) are extended with a -keylogfile option. This is similar as setting the SSLKEYLOGFILE environment variable for NSS and creates a keylog file which is suitable for Wireshark. Reviewed-by:
-
Pauli authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2566)
-
Bernd Edlinger authored
or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Reviewed-by:
-
- 06 Feb, 2017 5 commits
-
-
Rich Salz authored
Reported by Jakub Wilk. Reviewed-by:
-
Rich Salz authored
Reported by Alexander Köppe Reviewed-by:
-
Andy Polyakov authored
Idea is to keep it last for all eternity, so that if you find yourself in time-pressed situation and deem that fuzz test can be temporarily skipped, you can terminate the test suite with less hesitation about following tests that you would have originally missed. Reviewed-by: -
Andy Polyakov authored
- harmonize handlers with guidelines and themselves; - fix some bugs in handlers; - add missing handlers in chacha and ecp_nistz256 modules; Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- 05 Feb, 2017 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 03 Feb, 2017 8 commits
-
-
Bernd Edlinger authored
Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Robert Scheck authored
Reviewed-by:
-
Dmitry Kostjuchenko authored
Reviewed-by:
-
Dmitry Kostjuchenko authored
Reviewed-by:
-
Dmitry Kostjuchenko authored
Updated indentations according project rules, renamed file-local define to the shorter version - USE_RWLOCK, fixed declaration after the if statement in CRYPTO_THREAD_lock_new(). Reviewed-by:
-
Dmitry Kostjuchenko authored
Fix compilation on platforms with missing pthread_rwlock_t implementation by replacing it with pthread_mutex_t. An example of such platform can be Android OS 2.0 - 2.1, API level 5 (Eclair), Android NDK platform - android-5 where pthread_rwlock_t is not implemented and is missing in pthread.h. In case of missing pthread_rwlock_t implementation CRYPTO_RWLOCK will work as exclusive lock in write-only mode of pthread_rwlock_t lock. The implementation based on pthread_mutex_t must be using PTHREAD_MUTEX_RECURSIVE mode to be compatible with recursive behavior of pthread_rwlock_rdlock. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- 02 Feb, 2017 13 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
For TLS 1.3 we select certificates with signature algorithms extension only. For ECDSA+SHA384 there is the additional restriction that the curve must be P-384: since the test uses P-256 this should fail. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
We now set the server certificate in tls_choose_sigalg() so there is no need for a special case for TLS 1.3 any more. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
New function tls_choose_sigalg(). This is a signature algorithm version of ssl3_choose_cipher(): it picks and sets the appropriate signature algorithm and certificate based on shared signature algorithms. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Cory Benfield authored
Reviewed-by:
-
Cory Benfield authored
Reviewed-by:
-
- 01 Feb, 2017 2 commits
-
-
Todd Short authored
The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
